139.162.11.43 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Singapore

运营商(isp): Linode LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Honeypot hit.	2020-02-09 09:55:29

相同子网IP讨论:

IP	类型	评论内容	时间
139.162.111.98	spamattack	Unauthorized connection attempt detected from IP address 139.162.111.98 to port 8080	2020-11-19 17:15:48
139.162.116.133	attack	Malicious brute force vulnerability hacking attacks	2020-10-14 07:39:12
139.162.112.248	attack	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-10-06 04:15:47
139.162.114.154	attackbots	TCP (SYN) 139.162.114.154:55866 -> port 80, len 40	2020-10-06 03:23:05
139.162.112.248	attackbotsspam	scans 2 times in preceeding hours on the ports (in chronological order) 8080 8080	2020-10-05 20:15:14
139.162.114.154	attackbots	Blocked by Sophos UTM Network Protection . / / proto=6 . srcport=45266 . dstport=80 HTTP . (890)	2020-10-05 19:16:07
139.162.112.248	attackspambots	TCP (SYN) 139.162.112.248:50227 -> port 8080, len 44	2020-10-05 12:06:17
139.162.116.22	attackbotsspam	TCP (SYN) 139.162.116.22:35955 -> port 1755, len 44	2020-09-26 06:20:18
139.162.116.22	attackspam	TCP port : 1755	2020-09-25 23:22:16
139.162.116.22	attackspam	Found on Alienvault / proto=6 . srcport=45465 . dstport=1755 . (3629)	2020-09-25 15:00:43
139.162.116.133	attackspambots	Automatic report - Banned IP Access	2020-09-08 04:27:28
139.162.116.133	attackspam	srvr2: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/06 18:45:21 [error] 75202#0: 153186 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159941072171.478932"] [ref "o0,14v21,14"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-07 20:06:17
139.162.118.185	attackspam	Auto Detect Rule! proto TCP (SYN), 139.162.118.185:48116->gjan.info:22, len 40	2020-09-06 03:37:48
139.162.118.185	attack	[portscan] tcp/22 [SSH] *(RWIN=65535)(09051147)	2020-09-05 19:16:50
139.162.116.133	attack	srvr1: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/29 15:49:44 [error] 27704#0: 112472 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "15987161847.535630"] [ref "o0,13v21,13"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-30 03:07:41

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.162.11.43
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.162.11.43.			IN	A

;; AUTHORITY SECTION:
.			426	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020801 1800 900 604800 86400

;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 09 09:55:26 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

43.11.162.139.in-addr.arpa domain name pointer li853-43.members.linode.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
43.11.162.139.in-addr.arpa	name = li853-43.members.linode.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
112.85.42.177	attackspam	Dec 1 09:31:45 MK-Soft-VM4 sshd[15799]: Failed password for root from 112.85.42.177 port 47262 ssh2 Dec 1 09:31:51 MK-Soft-VM4 sshd[15799]: Failed password for root from 112.85.42.177 port 47262 ssh2 ...	2019-12-01 16:39:29
185.176.27.2	attack	Dec 1 09:37:10 h2177944 kernel: \[8064679.281385\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=37732 PROTO=TCP SPT=8080 DPT=21894 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 1 09:40:14 h2177944 kernel: \[8064862.727621\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26968 PROTO=TCP SPT=8080 DPT=20363 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 1 09:45:33 h2177944 kernel: \[8065181.975701\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26943 PROTO=TCP SPT=8080 DPT=20271 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 1 09:46:56 h2177944 kernel: \[8065264.534266\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57386 PROTO=TCP SPT=8080 DPT=21302 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 1 09:50:55 h2177944 kernel: \[8065503.929886\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.2 DST=85.214.117.9 LEN=	2019-12-01 16:53:30
193.77.155.50	attack	Dec 1 09:13:38 server sshd\[21199\]: Invalid user admin from 193.77.155.50 Dec 1 09:13:38 server sshd\[21199\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=bsn-77-155-50.static.siol.net Dec 1 09:13:40 server sshd\[21199\]: Failed password for invalid user admin from 193.77.155.50 port 41374 ssh2 Dec 1 09:28:11 server sshd\[24711\]: Invalid user clock from 193.77.155.50 Dec 1 09:28:11 server sshd\[24711\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=bsn-77-155-50.static.siol.net ...	2019-12-01 16:54:44
188.195.166.17	attackbots	19/12/1@01:28:47: FAIL: IoT-Telnet address from=188.195.166.17 ...	2019-12-01 16:29:30
112.122.76.240	attackspambots	UTC: 2019-11-30 port: 23/tcp	2019-12-01 16:44:12
149.129.251.229	attackspambots	Dec 1 07:28:19 nextcloud sshd\[7172\]: Invalid user jehl from 149.129.251.229 Dec 1 07:28:19 nextcloud sshd\[7172\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.251.229 Dec 1 07:28:21 nextcloud sshd\[7172\]: Failed password for invalid user jehl from 149.129.251.229 port 40242 ssh2 ...	2019-12-01 16:45:48
222.186.175.148	attackbotsspam	SSH Bruteforce attempt	2019-12-01 17:01:33
218.92.0.134	attackspambots	[ssh] SSH attack	2019-12-01 17:00:32
212.156.17.218	attack	2019-12-01T08:27:38.397403abusebot-3.cloudsearch.cf sshd\[19925\]: Invalid user rolph from 212.156.17.218 port 36110	2019-12-01 16:53:17
222.186.173.180	attackbots	Dec 1 03:56:23 plusreed sshd[14854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.180 user=root Dec 1 03:56:26 plusreed sshd[14854]: Failed password for root from 222.186.173.180 port 10070 ssh2 ...	2019-12-01 17:00:00
180.191.172.115	attackspam	Dec 1 06:28:50 work-partkepr sshd\[5554\]: Invalid user media from 180.191.172.115 port 10954 Dec 1 06:28:50 work-partkepr sshd\[5554\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.191.172.115 ...	2019-12-01 16:30:14
167.88.2.219	attack	firewall-block, port(s): 5902/tcp	2019-12-01 16:41:11
223.18.209.174	attackspam	UTC: 2019-11-30 port: 80/tcp	2019-12-01 16:56:15
85.30.215.172	attackbots	firewall-block, port(s): 9001/tcp	2019-12-01 17:02:16
222.186.175.147	attack	Dec 1 09:46:03 vps691689 sshd[2507]: Failed password for root from 222.186.175.147 port 15970 ssh2 Dec 1 09:46:17 vps691689 sshd[2507]: error: maximum authentication attempts exceeded for root from 222.186.175.147 port 15970 ssh2 [preauth] ...	2019-12-01 16:48:42

最近上报的IP列表

170.246.152.4	139.59.67.82	36.79.43.159	183.187.94.212
118.70.117.156	168.62.171.57	41.203.96.141	107.173.194.163
185.253.214.110	193.191.56.114	129.245.137.39	236.201.70.196
81.205.5.14	131.102.218.99	135.146.97.179	45.160.7.29
2001:171b:c9ae:b0b0:a827:c4f4:a955:aa41	80.114.229.71	29.63.147.223	89.101.235.233